Illinois Compiled Statutes
Chapter 105 - SCHOOLS
105 ILCS 85/ - Student Online Personal Protection Act.

(105 ILCS 85/1)
Sec. 1. Short title. This Act may be cited as the Student Online Personal Protection Act.

(Source: P.A. 100-315, eff. 8-24-17.)
 
(105 ILCS 85/3)
Sec. 3. Legislative intent. Schools today are increasingly using a wide range of beneficial online services and other technologies to help students learn, but concerns have been raised about whether sufficient safeguards exist to protect the privacy and security of data about students when it is collected by educational technology companies. This Act is intended to ensure that student data will be protected when it is collected by educational technology companies and that the data may be used for beneficial purposes such as providing personalized learning and innovative educational technologies.

(Source: P.A. 100-315, eff. 8-24-17.)
 
(105 ILCS 85/5)
Sec. 5. Definitions. In this Act:
"Breach" means the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of covered information maintained by an operator or school. "Breach" does not include the good faith acquisition of personal information by an employee or agent of an operator or school for a legitimate purpose of the operator or school if the covered information is not used for a purpose prohibited by this Act or subject to further unauthorized disclosure.
"Covered information" means personally identifiable information or material or information that is linked to personally identifiable information or material in any media or format that is not publicly available and is any of the following:
"Interactive computer service" has the meaning ascribed to that term in Section 230 of the federal Communications Decency Act of 1996 (47 U.S.C. 230).
"K through 12 school purposes" means purposes that are directed by or that customarily take place at the direction of a school, teacher, or school district; aid in the administration of school activities, including, but not limited to, instruction in the classroom or at home, administrative activities, and collaboration between students, school personnel, or parents; or are otherwise for the use and benefit of the school.
"Longitudinal data system" has the meaning given to that term under the P-20 Longitudinal Education Data System Act.
"Operator" means, to the extent that an entity is operating in this capacity, the operator of an Internet website, online service, online application, or mobile application with actual knowledge that the site, service, or application is used primarily for K through 12 school purposes and was designed and marketed for K through 12 school purposes.
"Parent" has the meaning given to that term under the Illinois School Student Records Act.
"School" means (1) any preschool, public kindergarten, elementary or secondary educational institution, vocational school, special educational facility, or any other elementary or secondary educational agency or institution or (2) any person, agency, or institution that maintains school student records from more than one school. Except as otherwise provided in this Act, "school" includes a private or nonpublic school.
"State Board" means the State Board of Education.
"Student" has the meaning given to that term under the Illinois School Student Records Act.
"Targeted advertising" means presenting advertisements to a student where the advertisement is selected based on information obtained or inferred from that student's online behavior, usage of applications, or covered information. The term does not include advertising to a student at an online location based upon that student's current visit to that location or in response to that student's request for information or feedback, without the retention of that student's online activities or requests over time for the purpose of targeting subsequent ads.

(Source: P.A. 100-315, eff. 8-24-17; 101-516, eff. 7-1-21.)
 
(105 ILCS 85/10)
Sec. 10. Operator prohibitions. An operator shall not knowingly do any of the following:
Nothing in this Section prohibits the operator's use of information for maintaining, developing, supporting, improving, or diagnosing the operator's site, service, or application.

(Source: P.A. 100-315, eff. 8-24-17; 101-516, eff. 7-1-21.)
 
(105 ILCS 85/15)
Sec. 15. Operator duties. An operator shall do the following:
 
(105 ILCS 85/20)
Sec. 20. Permissive use or disclosure. An operator may use or disclose covered information of a student under the following circumstances:
(Source: P.A. 100-315, eff. 8-24-17.)
 
(105 ILCS 85/25)
Sec. 25. Operator actions that are not prohibited. This Act does not prohibit an operator from doing any of the following:
(Source: P.A. 100-315, eff. 8-24-17.)
 
(105 ILCS 85/26)
Sec. 26. School prohibitions. A school may not do either of the following:
(Source: P.A. 101-516, eff. 7-1-21.)
 
(105 ILCS 85/27)
Sec. 27. School duties.
(a) Each school shall post and maintain on its website or, if the school does not maintain a website, make available for inspection by the general public at its administrative office all of the following information:
The school must, at a minimum, update the items under paragraphs (1), (3), (4), and (5) no later than 30 calendar days following the start of a fiscal year and no later than 30 days following the beginning of a calendar year.
(b) Each school must adopt a policy for designating which school employees are authorized to enter into written agreements with operators. This subsection may not be construed to limit individual school employees outside of the scope of their employment from entering into agreements with operators on their own behalf and for non-K through 12 school purposes, provided that no covered information is provided to the operators. Any agreement or contract entered into in violation of this Act is void and unenforceable as against public policy.
(c) A school must post on its website or, if the school does not maintain a website, make available at its administrative office for inspection by the general public each written agreement entered into under this Act, along with any information required under subsection (a), no later than 10 business days after entering into the agreement.
(d) After receipt of notice of a breach under Section 15 or determination of a breach of covered information maintained by the school, a school shall notify, no later than 30 calendar days after receipt of the notice or determination that a breach has occurred, the parent of any student whose covered information is involved in the breach. The notification must include, but is not limited to, all of the following:
A notice of breach required under this subsection may be delayed if an appropriate law enforcement agency determines that the notification will interfere with a criminal investigation and provides the school with a written request for a delay of notice. A school must comply with the notification requirements as soon as the notification will no longer interfere with the investigation.
(e) Each school must implement and maintain reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect covered information from unauthorized access, destruction, use, modification, or disclosure. Any written agreement under which the disclosure of covered information between the school and a third party takes place must include a provision requiring the entity to whom the covered information is disclosed to implement and maintain reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect covered information from unauthorized access, destruction, use, modification, or disclosure. The State Board must make available on its website a guidance document for schools pertaining to reasonable security procedures and practices under this subsection.
(f) Each school may designate an appropriate staff person as a privacy officer, who may also be an official records custodian as designated under the Illinois School Student Records Act, to carry out the duties and responsibilities assigned to schools and to ensure compliance with the requirements of this Section and Section 26.
(g) A school shall make a request, pursuant to paragraph (2) of Section 15, to an operator to delete covered information on behalf of a student's parent if the parent requests from the school that the student's covered information held by the operator be deleted, so long as the deletion of the covered information is not in violation of State or federal records laws.
(h) This Section does not apply to nonpublic schools.

(Source: P.A. 101-516, eff. 7-1-21; 102-558, eff. 8-20-21.)
 
(105 ILCS 85/28)
Sec. 28. State Board duties.
(a) The State Board may not sell, rent, lease, or trade covered information.
(b) Except for an employee of the State Board or a State Board official acting within his or her official capacity, the State Board may not share, transfer, disclose, or provide covered information to an entity or individual without a contract or written agreement, except for disclosures required by State or federal law.
(c) At least once annually, the State Board must publish and maintain on its website a list of all of the entities or individuals, including, but not limited to, operators, individual researchers, research organizations, institutions of higher education, or government agencies, that the State Board contracts with or has written agreements with and that hold covered information and a copy of each contract or written agreement. The list must include all of the following information:
If mutually agreed upon by the State Board and the operator, provisions of a contract or written agreement, other than those pertaining to paragraphs (1) through (7), may be redacted on the State Board's website.
(d) The State Board shall create, publish, and make publicly available an inventory, along with a dictionary or index of data elements and their definitions, of covered information collected or maintained by the State Board, including, but not limited to, both of the following:
The inventory shall make clear for what purposes the State Board uses the covered information.
(e) The State Board shall develop, publish, and make publicly available, for the benefit of schools, model student data privacy policies and procedures that comply with relevant State and federal law, including, but not limited to, a model notice that schools must use to provide notice to parents and students about operators. The notice must state, in general terms, the types of student data that are collected by the schools and shared with operators under this Act and the purposes of collecting and using the student data. After creation of the notice under this subsection, a school shall, at the beginning of each school year, provide the notice to parents by the same means generally used to send notices to them. This subsection does not apply to nonpublic schools.

(Source: P.A. 101-516, eff. 7-1-21.)
 
(105 ILCS 85/30)
Sec. 30. Applicability. This Act does not do any of the following:
 
(105 ILCS 85/33)
Sec. 33. Parent and student rights.
(a) A student's covered information shall be collected only for K through 12 school purposes and not further processed in a manner that is incompatible with those purposes.
(b) A student's covered information shall only be adequate, relevant, and limited to what is necessary in relation to the K through 12 school purposes for which it is processed.
(c) Except for a parent of a student enrolled in a nonpublic school, the parent of a student enrolled in a school has the right to all of the following:
(d) Nothing in this Section shall be construed to limit the rights granted to parents and students under the Illinois School Student Records Act or the federal Family Educational Rights and Privacy Act of 1974.

(Source: P.A. 101-516, eff. 7-1-21.)
 
(105 ILCS 85/35)
Sec. 35. Enforcement. Violations of this Act shall constitute unlawful practices for which the Attorney General may take appropriate action under the Consumer Fraud and Deceptive Business Practices Act.

(Source: P.A. 100-315, eff. 8-24-17.)
 
(105 ILCS 85/40)
Sec. 40. Severability. The provisions of this Act are severable under Section 1.31 of the Statute on Statutes.

(Source: P.A. 100-315, eff. 8-24-17.)
 
(105 ILCS 85/50)
Sec. 50. (Amendatory provisions; text omitted).

(Source: P.A. 100-315, eff. 8-24-17; text omitted.)
 
(105 ILCS 85/99)
Sec. 99. Effective date. This Act takes effect upon becoming law.

(Source: P.A. 100-315, eff. 8-24-17.)

<< Previous
Next >>

Structure Illinois Compiled Statutes

Illinois Compiled Statutes

Chapter 105 - SCHOOLS

105 ILCS 5/ - School Code.

105 ILCS 10/ - Illinois School Student Records Act.

105 ILCS 13/ - P-20 Longitudinal Education Data System Act.

105 ILCS 15/ - Surplus Federal Property for Schools Act.

105 ILCS 20/ - Silent Reflection and Student Prayer Act.

105 ILCS 25/ - Interscholastic Athletic Organization Act.

105 ILCS 30/ - Illinois Peace Corps Fellowship Program Law.

105 ILCS 35/ - Children and Family Community Protection Act.

105 ILCS 40/ - Illinois Distance Learning Foundation Act.

105 ILCS 45/ - Education for Homeless Children Act.

105 ILCS 50/ - Voting by Minors Act.

105 ILCS 60/ - Community Service Education Act.

105 ILCS 70/ - Educational Opportunity for Military Children Act.

105 ILCS 75/ - Right to Privacy in the School Setting Act.

105 ILCS 80/ - Speech Rights of Student Journalists Act.

105 ILCS 85/ - Student Online Personal Protection Act.

105 ILCS 105/ - Asbestos Abatement Act.

105 ILCS 110/ - Critical Health Problems and Comprehensive Health Education Act.

105 ILCS 112/ - Dissection Alternatives Act.

105 ILCS 115/ - Eye Protection in School Act.

105 ILCS 123/ - Hunger-Free Students' Bill of Rights Act.

105 ILCS 124/ - Farm Fresh Schools Program Act.

105 ILCS 125/ - School Breakfast and Lunch Program Act.

105 ILCS 126/ - Childhood Hunger Relief Act.

105 ILCS 127/ - School Reporting of Drug Violations Act.

105 ILCS 128/ - School Safety Drill Act.

105 ILCS 129/ - School Health Center Act.

105 ILCS 135/ - Toxic Art Supplies in Schools Act.

105 ILCS 140/ - Green Cleaning Schools Act.

105 ILCS 145/ - Care of Students with Diabetes Act.

105 ILCS 150/ - Seizure Smart School Act.

105 ILCS 210/ - School Bus Performance Bond Act.

105 ILCS 230/ - School Construction Law.

105 ILCS 231/ - Design-Build for Public Schools Act.

105 ILCS 240/ - School District Intergovernmental Cooperation Renewable Energy Act.

105 ILCS 302/ - College and Career Success for All Students Act.

105 ILCS 305/ - Illinois Mathematics and Science Academy Law.

105 ILCS 310/ - Illinois Summer School for the Arts Act.

105 ILCS 405/ - Adult Education Act.

105 ILCS 426/ - Private Business and Vocational Schools Act of 2012.

105 ILCS 433/ - Vocational Academies Act.

105 ILCS 435/ - Vocational Education Act.

105 ILCS 505/ - Education Ballot and Bond Validation Act.

105 ILCS 510/ - School Election Validation (1965) Act.

105 ILCS 515/ - School Tax Rate Validation (1967) Act.

105 ILCS 520/ - School Tax Rate Validation (1968) Act.

105 ILCS 525/ - School Tax Rate Validation (1969) Act.

105 ILCS 530/ - School Election Validation (1970) Act.

105 ILCS 535/ - Municipal and School Tax Levy Validation Act.

105 ILCS 540/ - School District Validation (1971) Act.

105 ILCS 545/ - School District Validation (1975) Act.

105 ILCS 550/ - School District Validation (1988) Act.

105 ILCS 555/ - School District Validation (1995) Act.

105 ILCS 560/ - School District Validation (2001) Act.